An Attribute-Based Encryption Method Using Outsourced Decryption and Hierarchical Access Structure

Abstract

Cloud computing is being rapidly adopted by many organizations from different domains and large amounts of data is stored in the cloud. In order to ensure data security, the attribute-based access control mechanism has been emerging recently as a fine-grained access control model that grants access based on the data user’s attributes. In this model, the data owner builds the access policy using the attributes of the data users and access to the data is granted only if the requirements of such an access policy are satisfied. Ciphertext policy-based attribute-based encryption (CPABE) is one of the most widely used methods for providing encrypted access control. Complex, time consuming and costly paring operations are the major issue with the CPABE method. Hence, another efficient method is needed to reduce the data user’s overhead while decrypting data. This paper presents an efficient method consisting in outsourcing decryption operations to a third-party server, so that complex operations may be performed by that machine with only some simple calculations left on the data user’s side. The concept of a hierarchical access structure is also integrated with the traditional CPABE technique. The hierarchical approach enables the data owner to encrypt multiple data using a single common hierarchical access structure. This allows the user to decrypt only the relevant part of ciphertext, depending on which fragment of the hierarchical access structure is satisfied. The paper evaluates also the performance of the proposed model in terms of time and storage cost.